Data-Sharing With EU Could Change Under New Commerce Secretary

The Secretary of Commerce in the next administration will be responsible for a data-sharing agreement with the European Union that is worth billions to the U.S. tech industry. On Wednesday, President-elect Donald Trump’s choice for that post, Wilbur Ross, said he would uphold the deal, but he hinted that it might change in the future.

There should be a “balance” between data protectionism and privacy, he said.

His comments at his confirmation hearing came the same day that an electronic privacy group requested that the next administration strengthen the privacy protections in the deal, fearing that U.S. intelligence activities will hinder the free flow of data between the two continents.

The United States currently has an agreement with the EU, dubbed “Privacy Shield,” that allows U.S.-based businesses to send data to Europe without fear of running afoul of stronger European privacy laws. Privacy concerns continue to loom over it, however.

The Electronic Privacy Information Center sent a letter to the Senate Commerce Committee on Wednesday warning that if the Commerce Secretary fails to put “substantial reforms” to data protection in place, there will be a “real risk that the transatlantic flow of personal data will be disrupted.”

At his hearing before that committee, Ross said he would commit to keeping Privacy Shield intact because it already exists and then added a cryptic comment about the future of balancing privacy and data localization laws.

“The agreements that exist obviously exist, but I think going forward there will be a tension between privacy on one hand and problems of localization and data and the implications that they have for the internet as we go forward,” Ross said.

“I think that’s going to be a very tricky balancing act,” Ross added.

Sen. Brian Schatz (D-Hawaii) had asked Ross for his “commitment to continuity” with the Privacy Shield. Ross was not asked any follow-up questions, so he didn’t elaborate.

Securing the data-sharing pact with the EU last year hinged on the United States ensuring privacy protections to European citizens whose data is under U.S. jurisdiction and promising to avoid indiscriminate mass surveillance. (European data protection authorities expressed hesitation even after the deal had been finalized).

Without the agreement, U.S. businesses operating in the EU would face data localization laws and stricter data privacy requirements, a costly proposition.

Ross Schulman, senior policy counsel at the New America Foundation’s Open Technology Institute, predicted in an email to Morning Consult that if the deal comes into conflict with anything over the next few years, “it will likely be our intelligence information gathering infrastructure.”

The likely renewal of Section 702 of the Foreign Intelligence Surveillance Act, as well as other surveillance practices and the “open hostility to the EU,” poses “a real risk that Privacy Shield will collapse and with it much of the internet economy,” said Marc Rotenberg, president and executive director of EPIC, in an email to Morning Consult. Without surveillance reform, the European high court could strike down Privacy Shield.

Roughly $600 billion (€465 billion) could rely on the openness of the digital economy, including cross-border data flows, according to a Feb. 2016 report from the Washington-based think tank, the Information Technology Industry Council.